Kiteworks Managed File Transfer
CVE-2025-53899
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.
AnalysisAI
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-941. Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0. Affected products include: Accellion Kiteworks Managed File Transfer. Version information: version 9.1.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated high severity (CVSS 7.1), this vulnerability is low
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.8), this vulnerability is r
Kiteworks MFT orchestrates end-to-end file transfer workflows. Rated medium severity (CVSS 6.5), this vulnerability is r
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today